Meet Kelly; she started her journey from managing legacy systems to orchestrating cutting-edge security pipelines, demonstrating the power of focused upskilling. Her transformation from a traditional system administrator to a DevSecOps Engineer showcases how the right training can accelerate career growth in the security-first era of software development.
DevSecOps revolutionized my approach to IT. It’s not just about shifting left; it’s about embedding security DNA into every piece of code we deploy. The ability to catch vulnerabilities before they hit production and automate security controls gives me a sense of accomplishment that I never found in traditional system administration.
The Journey from System Administrator to Security
Before her transformation, Kelly spent 6 years as a system administrator at a healthcare technology company. Her daily routine involved managing Linux servers, troubleshooting network issues, and maintaining backup systems. While she excelled at keeping systems running, a major security incident opened her eyes to the limitations of traditional IT operations.
We faced a critical security breach in our container registry. Despite our best efforts at perimeter security, a vulnerable container image made it into production. That’s when I realized that traditional security measures weren’t enough for modern cloud-native applications.
The incident sparked Kelly’s interest in DevSecOps, but the path forward wasn’t immediately clear. Her background included strong Linux skills and basic Python scripting, but modern DevSecOps required expertise in:
- Building secure CI/CD pipeline security
- Workings of Containers
- Software Composition Analysis (SCA)
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
- Infrastructure as Code
- Compliance as code and more
The Turning Point
After exploring various learning options, Kelly discovered Practical DevSecOps through their comprehensive YouTube content. What caught her attention wasn’t just the technical depth. It was the practical, real-world approach to security automation.
The free YouTube tutorials were eye-opening. They didn’t just show you how to use tools; they explained why certain security controls were necessary and how they fit into the bigger picture of secure software delivery. The instructor’s ability to explain complex concepts like Container Security Scanning or GitOps through real-world scenarios made everything click.
Despite the quality of free content, Kelly knew she needed a structured learning path. The decision to invest in the Practical DevSecOps Certification Course came after carefully considering her career goals.
The Learning Journey
Kelly study routine was intense but strategic:
- 2 hours every weekday evening dedicated to course materials
- 4 – 6 hours on weekends for hands-on labs
- Additional time practicing with open-source tools
Key Technical Milestones Included:
- Building her first secure CI/CD pipeline using GitLab
- Learning to build container images
- Using SCA Tools in the pipeline and automating it
- Learned about the SAST implementation in the pipeline
- Implementing automated vulnerability scanning with OWASP ZAP
- Setting up Infrastructure as Code security scanning with Checkov
- Compliance as code concepts with Ansible
- Vulnerability Management with DefectDojo
Kelly also learns DevSecOps Gospel, a set of rules / best practices to be followed while picking various tools and implementing/automating them.
The biggest challenge? “Time management,” Kelly admits. “Balancing a full-time job with intensive learning wasn’t easy. But the course’s modular structure helped me progress steadily, and the hands-on labs meant I was building practical skills with every module.
The Transformation
Within 6 months, Kelly’s new skills caught the attention of a major fintech company. Her interview process included practical demonstrations of:
- Setting up a secure GitLab CI/CD pipeline
- Implementing security scanning in Jenkins
- Building end to end enterprise DevSecOps pipeline
The result? A senior DevSecOps engineer position with a 65% salary increase and the opportunity to lead security automation initiatives.
Today, Kelly manages a team of DevSecOps engineers, implementing:
- Automated security testing in CI/CD pipelines
- Cloud-native security controls
- Compliance as Code frameworks
- Security metrics and dashboards
The most rewarding part isn’t just the technical achievements. It’s seeing the cultural change. Developers now understand security requirements better, security teams appreciate automation, and we’re delivering secure features faster than ever. My transformation wouldn’t have been possible without the solid foundation I got from Practical DevSecOps.
Her Advice for DevSecOps Aspirants
Start with the fundamentals of both development and security. Understand CI/CD pipelines, learn Infrastructure as Code, and most importantly, practice regularly with real-world scenarios. The field is evolving rapidly, but the opportunities are limitless with the right training and dedication.
Ready to Start Your DevSecOps Journey?
After going through your blog on How a System Administrator Transformed into a Certified DevSecOps Engineer in 3 Months—such an inspiring journey! Kelly’s transition highlights the growing need for DevSecOps best practices and how secure coding practices are now essential for modern IT roles.
While researching, I found this resource on DevSecOps Essentials: Mitigating Early-Stage Vulnerabilities with SonarQube and OWASP Dependency-Check: https://mobisoftinfotech.com/resources/blog/devsecops-mitigating-vulnerabilities-sonarqube-owasp. It provides insights into SonarQube security, OWASP security, and how early-stage vulnerability mitigation strengthens security within CI/CD pipeline security.
Since Kelly’s journey involved mastering SAST, DAST, and compliance as code, I’d love to hear your thoughts on which software security tools provided the biggest learning curve. Was SonarQube static analysis particularly useful, or did OWASP Dependency-Check play a bigger role in vulnerability detection?